O365 Identities and Requirements - 70-346

¡Supera tus tareas y exámenes ahora con Quizwiz!

Contoso has an O365 Tenant. The company plans to implement SSO. You install ADFS. You need to enable the use of SSO. How should you complete the relevant PowerShell commands? $cred = Get-Credential ________________1______________ Connect-MsolService -Credential __________2___________ -DomainName contoso.com -SkipUserConversion $false -PasswordFile c:\password.txt 1. Default O365 admin or AD Enterprise Admin 2. Convert-MsolDomainToStandard Convert-MsolDomainToFederated

$cred = Get-Credential AD Enterprise Admin Connect-MsolService -Credential Convert-MsolDomainToFederated -DomainName contoso.com -SkipUserConversion $false -PasswordFile c:\password.txt

A company with 75,000 employees has an O365 tenant. You need to install the Azure AD Sync tool by using the least amount of admin effort. Which versions of each product should you implement? Select three. .NET Components PowerShell SQL Server .Net 3.5 PowerShell (PS1) SQL Server Express .Net 4.0 PowerShell (PS2) SQL Server 2008 .Net 4.5 PowerShell (PS3) SQL Server 2012 .Net 4.5.1 PowerShell (PS4) SQL Server 2014

.Net 4.5.1 PowerShell (PS3) SQL Server Express

You plan to deploy an O365 tenant to multiple offices around the country. You need to modify the users and groups who are authorized to admin the Rights Management Service. Which cmdlet should you run? A. Add-MsolGroupMember B. Get-AadrmRoleBasedAdministrator C. Remove-AadrmRoleBasedAdministrator D. Enable-AadrmSuperUserFeature

A. Add-MsolGroupMember

A company has an O365 tenant. The company uses a third-party DNS provider that does not allow TXT records. You need to verify domain ownership. What should you do? A. Create an MX record. B. Create a CNAME record. C. Create an A record. D. Create a SRV record.

A. Create an MX record.

A company has an O365 tenant. You need to ensure that AD is ready for synchronization. Which tool should you run? A. IdFix B. O365 Health, Readiness, and Connectivity Check C. Remote Connectivity Analyzer Tool D. Sync Service (MIISClient)

A. IdFix

Your company has an O365 subscription. You create a new retention policy that contains several retention tags. A user named Test5 has a client computer that runs MS Office Outlook 2007. You install 2010 on the client computer of Test5. Test5 reports that the new retention tags are unavailable from 2010. You verify that other users can use the new retention tags. You need to ensure that the new retention tags are available to Test5 from 2010. What should you do? A. instruct Test5 to repair the outlook profile. B. modify the retention policy tags C. run the set-mailbox cmdlet D. Force dir-sync

A. instruct Test5 to repair the outlook profile.

You must create an O365 tenant. You assign administrative roles to other users. You hire a new user named User2. User2 must NOT be able to change passwords for other users. You need to assign an admin role to User2. Which role should you assign? A. service admin B. global admin C. delegate admin D. password admin

A. service admin

A company has an O365 tenant. You plan to use ADFS for user authentication. You create an account named SyscService in AD and in O365. You must configure the permissions for the accounts in both environments by granting the minimum permissions required. In the table below, identify the role that you must assign to each account. Note: Make only one selection in each column. Account location AD O365 domain user Schema admin Account operators User Mgmt Admin Global admin

Account location AD O365 domain user X Schema admin Account operators User Mgmt Admin Global admin X AD = Domain user O365 = global admin

You have an O365 tenant that has an E3 subscription. You enable Azure Rights Management for users in the tenant. You need to define the methods that you can implement to encrypt and decrypt email messages. What should you do? Methods: Transport rule One-time password Connector Organization account Text message Action: Send encrypted email Receive encrypted replies View encrypted email

Action: Send encrypted email - Transport rule Receive encrypted replies - Organization account View encrypted email - Organization account

You manage a team of three admins for an organization that uses O365. You must assign roles for each of the admins as shown in the table. You must assign the minimum permissions required to perform the assigned tasks. Admin 1 - Reset user passwords for admins Admin 2 - Perform purchasing operations Admin 3 - Create and manage user views You need to assign the correct role to each admin. Which admin role should you configure for each user? Roles: billing admin global admin user management admin

Admin 1 - Reset user passwords for admins - global admin Admin 2 - Perform purchasing operations - billing admin Admin 3 - Create and manage user views - user management admin

You are the O365 admin for your company. You configure new user accounts for User1 and User2. User1 has an on-prem mailbox. User2 has an O365 mailbox. Each user must be able to view the availability of the other user. You need to ascertain whether users can share their free/busy information. What should you use? A. Transport Reliability IP Probe (TRIPP Tool) B. MS Remote Connectivity Analyzer Tool C. Business Connectivity Services D. Windows Azure AD Rights Management

B. MS Remote Connectivity Analyzer Tool

Your company has a hybrid deployment of O365. You need to verify whether free-busy information sharing with external users is configured. What cmdlet should you use? A. Test-OutlookConnectivity B. Test-FederationTrust C. Get-OrganizationRelationship D. Get-MSOLDomainFederationSettings

C. Get-OrganizationRelationship

An organization deploys an O365 tenant. The service health page displays the following information. Exchange - Today: yellow arrow, Nov 13: blue I Sharepoint - Today: Green check, Nov 13: blue I You need to report the status of service interruptions. What is the current status of Exchange and Sharepoint? When is the earliest date that a post-incident review will be available for Sharepoint?

Sharepoint is available, Exchange is available but service is degraded. November 13th

You have an on-prem AD forest. You deploy ADFS and purchase an O365 subscription. You need to create a trust between the ADFS servers and the O365 subscription. Solution: You run the netdom.com command. Does this meet the goal?

Yes

Contoso uses O365 for collaboration services. You implement SSO with O365 by using ADFS. You need to implement Windows Azure multi-factor authentication. Which three actions should you perform? A. On the ADFS federation server, run PhoneFactorAgentSetup.exe. B. On the ADFS federation server, run WindowsAzureSDK-x64.exe. C. On the ADFS federation server, run Windows PowerShell cmdlet Register-AdfsAuthenticationProvider. D. On the ADFS federation server, run FsConfigWizard.exe. E. Run the AD Domains and Trusts MMC snap-in. Register Windows Azure Multi-Factor Authentication Server as an additional authentication provider. F. Run the Windows Azure Multi-Factor Authentication Server Authentication Configuration Wizard.

B. On the ADFS federation server, run WindowsAzureSDK-x64.exe. C. On the ADFS federation server, run Windows PowerShell cmdlet Register-AdfsAuthenticationProvider. F. Run the Windows Azure Multi-Factor Authentication Server Authentication Configuration Wizard.

A company deploys an O365 tenant. You assign the roles to users as shown in the following table: User1 - global admin User2 - user mgmt admin User3 - no roles are assigned User3 must be able to monitor the health of the Ex Online service. You must use the principle of least privilege to assign permissions to User3. You need to assign permissions to User3. Which 3 actions should you perform? -Assign User3 the service admin role in O365 -sign in to the O365 portal as User1 -sign in to the O365 portal as User2 -grant User3 admin permissions in Ex Online -assign User3 the global admin role in O365

-Assign User3 the service admin role in O365 -sign in to the O365 portal as User1 -grant User3 admin permissions in Ex Online only the global admin can delegate service admin role.

A company deploys an O365 tenant. You install the ADFS server role on a server that runs Windows Server 2012. You install and configure the FS Proxy role service. Users sign in by using the Security Assertion Markup Language (SAML) protocol. You need to customize the sign-in pages for O365. Which pages should you customize? Customization: -Change the list of trusted claims providers that are displayed -Authenticate users -Change the overall appearance of all pages ASP.NET Page: HomeRealmDiscovery.aspx FormsSignIn.aspx SignOut.aspx IdpInitiatedSignOn.aspx MasterPage.master Default.aspx

-Change the list of trusted claims providers that are displayed -- HomeRealmDiscovery.aspx -Authenticate users - IdpInitiatedSignOn.aspx -Change the overall appearance of all pages - MasterPage.master

An organization plans to deploy an O365 tenant. The company has 2 servers named Server1 and Server2. Server1 is a member server of the AD forest that you are sync'ing. Server2 is a standalone server. Both servers run Win Server 2012. You need to use Windows Azure AD sync tool to provision users. What three actions should you perform in sequence? -Install and run Win Azure AD Sync tool on Server2. -From the O365 admin center, activate dir-sync. -Install and run the Windows Azure AD Sync tool on Server1 -Activate all sync'ed users. Install AD DS on the member server

-From the O365 admin center, activate dir-sync. -Install and run the Windows Azure AD Sync tool on Server1 -Activate all sync'ed users.

A company plans to use O365 to provide email services to employees. The company obtains a custom domain name to use the O365. You need to add the domain name to O365. Which three actions should you perform in sequence? -Connect to Windows Azure AD. -Run Remote PowerShell -Enable user access for Remote Powershell in Exchange Online -Run the PowerShell cmdlet New-MsolDomain -Run the PowerShell cmdlet New-MsolFederatedDomain -Install the Azure AD module for Win PowerShell

-Install the Azure AD module for Win PowerShell -Connect to Windows Azure AD. -Run the PowerShell cmdlet New-MsolDomain

Litware has an O365 E1 plan. Employees have access to all O365 services. Employees in HR must continue to use the on-prem SP 2013 deployment due to legal requirements. You need to disable access to SP Online for all HR employees. How should you complete the commands? Import-ModuleMSOnline $cred = Get-Credential Connect-MsolService -cred $cred $license = New __________________ -AccountSkuId "litware:STANDARDPACK" -DisabledPlans __________________ Get___________________ -All -Department "HR" | Set ________________________ -LicenseOptions $license -MsolUser -MsolUserRole -MSOnline -MsolServer -MsolSubscription -MsolUserLicense -MsolLicenseOptions SHAREPOINTWAC SHAREPOINTSTANDARD

-MsolLicenseOptions SHAREPOINTSTANDARD -MsolUser -MsolUserLicense

A company plans to implement an O365 environment to manage email. All user accounts must be configured to use only a custom domain. You need to provision an O365 tenant for the company. Which three actions should you perform in sequence? -Configure the global admin account recovery info. -Remove the domain name onmicrosoft.com -Select the O365 plan -Configure the custom domain and DNS.

-Select the O365 plan -Configure the global admin account recovery info. -Configure the custom domain and DNS.

Contoso plans to use O365 services for collaboration between depts. Contoso has one AD DS domain named contoso.local. You deploy the Win Azure AD Sync tool. You plan to implement SSO for O365. You need to sync only the user accounts that have valid routable domain names and are members of specified depts. Which 3 actions should you perform in sequence? -Use the AD Users and Computers MMC snap-in to change the user principal name (UPN) suffix to contoso.com for all Contoso users. -Use domain-based filtering to exclude all users in the domain contoso.local. -use the AD Users and Computers MMC snap-in to change the UPN suffix to contoso.com for all users in the specified depts. -use user attribute-based filtering to exclude all the users that have contoso.local in the userPrincipalName attribute -add the UPN suffix contoso.com to the domain contoso.local by using the AD Users and Computers MMC snap-in -add the UPN suffix contoso.com to the domain contoso.local by using the AD Domains and Trusts MMC snap-in

-add the UPN suffix contoso.com to the domain contoso.local by using the AD Domains and Trusts MMC snap-in -use the AD Users and Computers MMC snap-in to change the UPN suffix to contoso.com for all users in the specified depts. -use user attribute-based filtering to exclude all the users that have contoso.local in the userPrincipalName attribute

You are the O365 admin for your company. The company has O365 E3 licenses for each of its 250 employees. The company does not allow email or Lync Online licenses to be assigned to external contractors. User1 is an external contractor who requires access to SP and OWA only. You need to add a license for User1's account. What should you do? 1. Sign in to the O365 admin center 2. ________________________________________________ 3. Add an SOW with SP (Plan1) plan. 4. ________________________________________________ 5. Assign licenses to User1. Actions: Select the purchase services option. Select the licensing option. Select the users and groups option. Enable External Users in SP. Add an E3 license for User1.

2. Select the purchase services option. 4. Select the users and groups option.

You need to modify the O365 subscription to support the planned changes for the devices that connect from untrusted networks. You enable Azure multi-factor authentication for all of the users in the subscription. What should you do next from the O365 portal? A. Add a trusted domain B. Set the Trusted IPs to 10.0.1.0/24 and 10.0.2.0/24 C. Set the Trusted IPs to 192.168.1.100/32 and 192.168.2.100/32 D. Convert the fabrikam.com domain to a federated domain.

A. Add a trusted domain

A company plans to use O365 to provide email services for users. You need to ensure that a custom domain name is used. What should you do first? A. Add the custom domain name to O365 and then verify it. B. Verify the existing domain name. C. Create an MX record in DNS. D. Create a CNAME record in DNS.

A. Add the custom domain name to O365 and then verify it.

You are the O365 admin for your company. The company syncs the local AD objects with a central identity management system. The environment has the following characteristics: -Each dept has its own OU -The company has OU hierarchies for partner user accounts -all user accounts are maintained by the identity mgmt system. You need to ensure that partner accounts are not synced with O365. What should you do? A. Configure OU based filtering by using the Azure AD Sync tool. B. In Azure AD portal, configure OU-based filtering C. Configure user attribute-based filtering by using the Azure AD Sync tool D. In the Azure AD portal, configure user attribute-based filtering.

A. Configure OU based filtering by using the Azure AD Sync tool.

You have an O365 subscription. All users have mailboxes hosted in Exchange Online. The network admins in your organization are updating the network infrastructure, including making changing to the DNS providers and updated the SSL certificates. You need to perform the following test in the Exchange Online environment: Verify the MX records for Exchange Online are published correctly. Send a test message from an external recipient to an Exchange Online recipient. Verify that the SMTP service is accessible from the internet. A. Connectivity Analyzer Tool B. Client Performance Analyzer C. O365 health, readiness and connectivity checks D. MS Remote Connectivity Analyzer

A. Connectivity Analyzer Tool

Contoso has an O365 tenant. You configure O365 to use the domain contoso.com and you verify the domain. You deploy and configure ADFS and AD Sync Services with password sync. You connect to Azure AD by using a Remote PowerShell session. You need to switch from using password-synced passwords to using ADFS on the O365 verified domain. Which cmd should you run? A. Convert-MsolDomaintoFederated -DomainName contoso.com B. Convert-MsolDomainToStandard -DomainName contoso.com C. Convert-MsolFederatedUser D. Set-MsolDomainAuthentication -DomainName contoso.com

A. Convert-MsolDomaintoFederated -DomainName contoso.com

You use a centralized identify management system as a source of authority for user account information. You export a list of new user accounts to a file on a daily basis. Your company uses a local AD for storing user accounts for on prem solutions. You are also using Azure AD Connect. New user accounts must be created in both the local AD and O365. You must import user account data into O365 daily. You need to import the new users. What should you do? A. Create a Windows PowerShell script to import account data from the file into AD B. Create a Windows PowerShell script that uses the MSOnline module to import account data from the file. C. Use the Azure Mgmt portal to import the file D. Use the O365 Admin Center to import the file

A. Create a Windows PowerShell script to import account data from the file into AD

An organization is migrating from an on-prem Exchange organization to O365 tenant users report that they cannot see the free/busy information for other users. You need to determine why free/busy information does not display. Which two PowerShell cmdlets should you run? A. Get-OrganizationRelationship B. Get-SharingPolicy C. Get-CsMeetingConfiguration D. Get-CsClientPolicy E. Get-IntraOrganizationConnector

A. Get-OrganizationRelationship D. Get-CsClientPolicy

You have an Exchange Online tenant. You must identify the mailboxes that are no longer in use. You need to locate the inactive mailboxes. Which cmdlet should you run? A. Get-StaleMailboxReport-StartDate B. Get-MailboxActivityReport-Organization C. Get-MailboxActivityReport-Expression D. Get-MailboxActivityReport-EndDate

A. Get-StaleMailboxReport-StartDate view mailboxes that havent been accessed for at least 30 days StateDate specifies the start date of the date range

A company deploys an O365 tenant. You must provide administrator with the ability to manage company information in O365. You need to assign permission to the admin by following the principle of least privilege. Which role should you assign? A. Global admin B. Service admin C. Billing admin D. User mgmt admin

A. Global admin

You have an O365 tenant that uses an E3 subscription. You have two servers in a perimeter network that have the ADFS proxy role service installed. A federation server farm is located behind a firewall. You need to ensure that the ADFS proxies can communication with the federation server farm. Which two name resolution strategies can you use? A. HOSTS file on the proxy server B. DNS server in the perimeter network C. LMHOSTS file on the proxy servers D. LMHOSTS file on the federation servers E. HOSTS file on the federation servers

A. HOSTS file on the proxy server B. DNS server in the perimeter network

A company has an O365 tenant. You need to monitor AD sync. Which tool should you run? A. IdFix B. O365 Health, Readiness, and Connectivity Check C. MS Remote Connectivity Analyzer tool D. Synchronization Service (MIISClient)

A. IdFix used to perform discovery and remediation of identity objects and their attributes in an on-prem AD environment in prep for migration to O365.

Contos has an on-prem SP environment. The company plans to deploy SP Online. You must use ADFS. The global admin account must be able to access the O365 tenant even if ADFS is unavailable. You need to set up the global admin account. What should you do? A. In the O365 admin center, create a user named [email protected]. B. In the O365 admin center, create a user named [email protected]. C. In AD Domain Services Users and Computers, create a user named [email protected]. D. In AD Domain Services Users and Computers, create a user named [email protected].

A. In the O365 admin center, create a user named [email protected].

An organization plans to migrate to O365. You need to estimate the post-migration network traffic. Which tool should you use? A. Lync 2013 Bandwidth Calculator B. Process Monitor C. Network Monitor D. OnRamp Readiness tool

A. Lync 2013 Bandwidth Calculator

A company plans to deploy an O365 tenant. You have two servers named FS1 and FS2 that have the Federation Service Proxy role service installed. You must deploy ADFS on Windows Server 2012. You need to configure name resolution for FS1 and FS2. What should you do? A. On FS1 and FS2, add the cluster DNS name and IP address of the federation server farm to the hosts file. B. On FS1 only, add the cluster DNS name and IP address of the federation server farm to the hosts file. C. On FS1 only, add the cluster NetBIOS name and IP address of the federation server farm to the LMHOSTS file. D. On FS1 and FS2, add the cluster NetBIOS name and IP address of the federation server farm to the LMHOSTS file.

A. On FS1 and FS2, add the cluster DNS name and IP address of the federation server farm to the hosts file.

An organization plans to migrate to O365. You use the Windows Azure AD Sync tool. Several users will not migrate to O365. You must exclude these users from sync. All users must continue to authenticate against the on-prem AD. You need to sync the remaining users. Which three actions should you perform to ensure users excluded from migration are not sync'ed? A. Populate an attribute for each user account. B. Disable the user accounts in AD. C. Perform a full sync. D. Configure the connection filter. E. Run PowerShell Set-MsolDirSyncEnabled -EnableDirSync $false.

A. Populate an attribute for each user account. C. Perform a full sync. D. Configure the connection filter.

Your company has 100 user mailboxes. The company purchases a subscription to O365 for professionals and small businesses. You need to enable the Litigation Hold feature for each mailbox. What should you do first? A. Purchase O365 for midsize business and enterprise. B. Enable audit logging for all of the mailboxes. C. Modify the default retention policy. D. Create a service request.

A. Purchase O365 for midsize business and enterprise.

You are the O365 admin for your company. The environment must support SSO. You need to install the required certificates. Which 2 certificates should you install? A. Secure Sockets Layer (SSL) B. privacy-enhanced mail (PEM) C. token signaling D. personal E. software publisher

A. Secure Sockets Layer (SSL) C. token signaling

A company has an O365 tenant that has an E1 subscription. The company has office in several different countries. You need to restrict O365 services for existing users by location. What cmdlet should you use? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

A. Set-MsolUser

A company has an O365 tenant that has an E1 subscription. You plan to test a new deployment by using 50 tenant user accounts. You need to ensure that the password for the test user accounts do not expire. Which cmdlet do you run? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

A. Set-MsolUser

A company has an O365 tenant that has an E1 subscription. You sync disabled user accounts from an AD domain services environment. You need to enable the user accounts in O365. Which cmdlet should you run? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

A. Set-MsolUser when you dirsync a disabled user from on prem to O365 the user is created in o365 with the blockcredential attribute set to true. the set-msoluser userprincipalname -blockcredential $falso will enable that account.

A company has an O365 tenant. You must reset the password for an account named User1. You need to ensure that the new password for the account meets complexity rules. Which two passwords can you use? A. Summer2015 B. May2015 C. User1User1 D. summer2015 E. May2015 F. summer!@#$ G. M1crosoft

A. Summer2015 G. M1crosoft must contain at least one lowercase letter and one uppercase letter. must contain at least one non-alphanumeric character cannot contain spaces, tabs or line breaks. must be 8-16 characters username cannot be in password B. May2015 - too short C. User1User1 - can't contain User1 D. summer2015 - no capital letter E. May 2015 - no spaces F. summer!@#$ - illegal characters

You are the O365 admin for your company. User report that they have received significantly more spam messages over the past month than they normally receive. You need to analyze trends for the email messages received over the past 60 days. From the O365 admin center, what should you view? A. The mail protection reports B. Mailbox content search and hold report C. Messages on the message center page D. O365 Malware Detections in sent mail report

A. The mail protection reports

You administer the O365 environment for a company that has offices around the world. All of the offices use the same O365 tenant. You need to ensure that all users can access the services that are available in their regions. Which setting or service should you update? A. User location settings B. User licenses C. Service usage address D. Rights management

A. User location settings

Your company deploys an O365 tenant. You need to ensure that you can view service health and maintenance reports for the past 7 days. What are two possible ways to achieve this goal? A. View the service health current status page of the O365 admin center. B. Subscribe to the O365 Service Health RSS Notifications feed C. View the service settings page of the O365 admin center D. Run the MS OnRamp Readiness Tool

A. View the service health current status page of the O365 admin center. B. Subscribe to the O365 Service Health RSS Notifications feed

You are the O365 admin for your company. You have a server that runs Windows Server 2012. You plan to install and ADFS proxy server. You need to install and configure all the required roles. Which two roles should you install and configure? A. Web Server (IIS) B. ADFS C. Application Server D. Network Policy and Access Service E. AD Certificate Services F. Remote Access

A. Web Server (IIS) D. Network Policy and Access Service

An organization with an AD Domain Services domain migrates to O365. You need to manage O365 from a domain-joined Windows Server 2012 Core server. Which three components should you install? A. Windows Azure AD module for PowerShell B. MS .NET Framework 3.5 C. MS O365 Integration Module for Windows Small Business Server 2011 Essentials D. MS .NET Framework 4.0 E. MS Online Services Sign-In Assistant F. Rights Mgmt module for Windows PowerShellLF

A. Windows Azure AD module for PowerShell B. MS .NET Framework 3.5 E. MS Online Services Sign-In Assistant

An organization deploys an O365 tenant. User accounts must be sync-ed to O365 by using the Azure AD Sync tool. You have the following password policies: -passwords for the on-prem ADDS user accounts are at least six characters long -passwords for O365 user accounts are at least eight characters long you need to ensure that the user accounts will be sync'ed. Which user accounts will be sync'ed? A. all user accounts B. no user accounts C. user accounts with a password length of at least 6 characters D. user accounts with a password length of at least 8 characters

A. all user accounts

A company named Fabrikam is deploying an O365 tenant. You install ADFS on a server that runs Windows Server 2012. The company's environment is described in the following table: Description FQDN Cluster DNS name fs.fabrikam.com Server node in cluster server1.fabrikam.com Server node in cluster server2.fabrikam.com You must obtain a certificate from a certification authority and install it on the federation servers. You need to specify the subject name for the certificate. Which name should you specify? A. fs.fabrikam.com B. server1.fabrikam.com C. fabrikam.com D. server2.fabrikam.com

A. fs.fabrikam.com

Your company has a subscription to O365 for midsize business and enterprises. The company uses MS Lync Online. You need to open ports on the network firewall to enable all of the features of Lync Online. Which port or ports should you open? A. inbound TCP 443 B. outbound TCP 5061 C. outbound UDP 3478 D. outbound TCP 443 E. outbound UDP 50000 to outbound UDP 59999 F. inbound TCP 8080

A. inbound TCP 443 C. outbound UDP 3478 D. outbound TCP 443 E. outbound UDP 50000 to outbound UDP 59999

You are the O365 admin for your company. Users report that they have received significantly more spam messages over the past month than they normally receive. You need to analyze trends for the email messages received over the past 60 days. From the O365 admin center, what should you view? A. mail protection reports B. O365 malware detections in received mail report C. messages on the message center page D. the mailbox access by on-owners report

A. mail protection reports view data about malware, spam and rule detections.

You are the O365 admin for your company. Users report that they have received significantly more spam messages over the past month than they normally receive. You need to analyze trends for the email messages over the past 60 days. From the O365 admin center, what should you view? A. messages on service health page B. Received mail report C. O365 malware detections in sent mail report D. Mailbox content search and hold report

A. messages on service health page

An organization implements SSO for use with O365 services. You install an ADFS proxy server. Users report that they are unable to authenticate. You launch the Event Viewer and view the event information shown in the following screen shot: The federation server proxy could not establish a trust with the Federation Service. Additional data: Exception details: MSIS3126: Access denied You need to ensure that users can authenticate to O365. What should you do? A. re-enter the credentials used to establish the trust B. Verify the federation server proxy is trusted by the federation service C. Reinstall the SSL certificate for the federation service D. verify network connectivity between the Federation Service Proxy and federation server.

A. re-enter the credentials used to establish the trust

Contoso uses O365 for collaboration. You are implementing ADFS for SSO with O365 services. The environment contains an AD domain and an ADFS federation server. You need to ensure that the environment is prepared for the ADFS setup. Which two actions should you perform? A.Configure AD to use the domain contoso.com B. Configure AD to use the domain contoso.local C. create a server authentication certificate for the federation server by using fs.contoso.com as the subject name and subject alternative name D. create a server authentication certificate for the federation server by using fs.contoso.local as the subject name and subject alternative name

A.Configure AD to use the domain contoso.com C. create a server authentication certificate for the federation server by using fs.contoso.com as the subject name and subject alternative name

A company has a Windows Server 2008 domain controller and a SharePoint 2007 farm. All servers on the network run Windows Server 2008. You must provide SSO for O365 SharePoint sites from the company's network. You need to install the required software. What should you install? Software: .NET Framework 3.5 with SP1 ADFS 2.0 Rollup 3 for ADFS 2.0 SharePoint Server 2013 Sharepoint Server 2010 with SP1 Action: 1. Install ___________________ 2. Install ___________________ 3. Install ___________________ 4. Configure trusts between environments 5. Configure AD sync

Action: 1. Install .NET Framework 3.5 with SP1 2. Install ADFS 2.0 3. Install Rollup 3 for ADFS 2.0 4. Configure trusts between environments 5. Configure AD sync

You are the O365 admin for your company. The company has a single office. You have the following requirements: -you must configure a redundant ADFS implementation. -you must use a Windows internal database to store ADFS config data. -the solution must use a custom login page for external users -the solution must use SSO for internal users. You need to deploy the minimum number of servers. How many servers should you deploy? A. 2 B. 4 C. 6 D. 16

B. 4

You deploy Lync Online for a company that has offices in San Francisco and NY. The two offices both connect to the internet. There is no private network link between the offices. Users in NY office report that they cannot transfer files to the users in the SF office by using Lync Online. You need to ensure that users in both offices can transfer files by using Lync Online. What should you do? A. Configure the firewall to open TCP ports 50060-50079 B. Configure the firewall to open TCP ports 50040-50059 C. Create a private network connection to share files. D. upgrade all the Lync Online clients to use Lync 2013.

B. Configure the firewall to open TCP ports 50040-50059

A company has an O365 tenant. You plan to distribute the O365 ProPlus client to users. The client machines do not normally have Internet access. You need to activate the O365 PP installations and ensure the licenses remain active. What should you do? A. Connect the client computer to the Internet once to activate the client and once every 90 days after that. B. Connect the client computer to the Internet once to activate the client, and once every 30 days after that. C. Connect the client computer to the Internet only once to activate the client. D. Connect the client computer to the Internet once to activate the client, and once every 180 days after that. E. Connect the client computer to the Internet once to activate the client, and once every 365 days after that.

B. Connect the client computer to the Internet once to activate the client, and once every 30 days after that.

You use a centralized identity management system as a source of authority for user account info. You export a list of new user accounts to a file on a daily basis. Your company uses a local AD for storing user accounts for on-prem solutions. You are configuring the Windows Azure AD Sync tool. New user accounts must be created in both the local AD and O365. You must import user account data into O365 daily. You need to import the new users. What should you do? A. Use the O365 admin center to import the file. B. Create a PowerShell script to import account data from the file into AD. C. Use the Azure Mgmt Portal to import the file D. Create a PowerShell script that uses the MSOnline module to import account data from the file

B. Create a PowerShell script to import account data from the file into AD.

You have an on-prem Exchange organization. The organization plans to migrate to Exchange Online. Users report that after their mailboxes are migrated Exchange Online they are no longer able to send email 10 a specific dynamic distribution list. All other distribution lists work as expected. You need to resolve the issue. What should you do? A. In the AD Sync Services console, change the connector filter to include dynamic distribution lists B. In O365, recreate the dynamic distribution list. C. Run the following cmdlet Set-DynamicDistributionGroup D. Reduce the number of members in the distribution list to fewer than 1,500 contacts.

B. In O365, recreate the dynamic distribution list.

An organization purchase an O365 plan for 10,000 user accounts. You have a domain controller that runs Windows Server 2008 R2. The forest functional level is set to Windows Server 2000. The organization must be able to sync user attributes from the on-prem AD Domain Services environment to O365. You need to prepare to install the Windows Azure AD Sync tool. Which two actions should you perform? A. Upgrade the domain controller to Windows Server 2012. B. Install MS .NET Framework 3.5 SP1 and MS .NET Framework 4.0. C. Install Windows Server 2012 Standard edition. D. Raise the forest functional level to Windows Server 2008 R2. E. Join a workstation to an AD domain.

B. Install MS .NET Framework 3.5 SP1 and MS .NET Framework 4.0. D. Raise the forest functional level to Windows Server 2008 R2.

An organization plans to migrate to O365. You use Azure AD Connect. Several users will not migrate to O365. You must exclude these users from sync. All users must continue to authenticate against the on-prem AD. You need to sync the remaining users. What three actions should you perform? A. Run cmd Set-MsolDirSyncEnabled -EnableDirSync $false B. Perform a full sync. C. Populate an attribute for each user account. D. Configure the connection filter. E. Disable the user accounts in AD.

B. Perform a full sync. C. Populate an attribute for each user account. D. Configure the connection filter.

A company has an O365 tenant. You implement two-factor authentication for all users. You hire an employee named User1 to track service usage and status. User1 must be able to monitor the status of the services over a period of time by using a report. User1 does not have administrator access. You need to provide a report for User1. Which report solution should you choose? A. downloadable spreadsheet B. REST reporting web services C. reporting PowerShell cmdlets D. O365 admin center

B. REST reporting web services

An organization prepares to implement O365. You have the following requirements: -gather information about the requirements for the O365 implementation -use a supported tool that provides the most comprehensive info about the current environment you need to determine the organization's readiness for the O365 implementation. What should you do? A. Run the Windows PowerShell cmdlet Get-MsolCompanyInformation B. Run the OnRamp for O365 tool C. Install the Windows Azure AD Sync tool D. run the o365 Deployment Readiness Tool

B. Run the OnRamp for O365 tool

You have an O365 subscription. The O365 organization contains 4 temporary administrators. The administrators are members of multiple role groups. You need to create a script that prevents the temporary administrators from performing administrative tasks from the O365 admin center. The solution must meet the following requirements: -provide the ability to reestablish administrative access to the temporary administrators within 14 days. -Release the O365 licenses assigned to the temporary admins. A. Remove-MsolUser B. Set-MsolUser C. Set-MsolUserLicense -UserPrincipleName User1, User2, User3, User4, User5 A. -BlockCredential $true B. -Force C. -RemoveLicenses

B. Set-MsolUser -UserPrincipleName User1, User2, User3, User4, User5 C. -RemoveLicenses

You are the O365 admin for your company. Users report that they cannot sign in to Lync from their mobile devices, but they are able to send and receive Lync messages by using their laptop computers. You need to troubleshoot the issue. What should you do? A. From the O365 message center, confirm Lync settings. B. Use the MS Connectivity Analyzer to confirm settings. C. Confirm Lync user licenses for the affected users. D. From the Lync admin center, verify the external access settings.

B. Use the MS Connectivity Analyzer to confirm settings.

Your company deploys an O365 tenant. You need to ensure that you can view service health and maintenance reports for the past seven days. What are two possible ways to achieve this goal? A. Run the MS Online Services Diagnostics and Logging Support Kit. B. View the service health current status page of the O365 admin center. C. View the service settings page of the O365 admin center D. Subscribe to the O365 Service Health RSS Notifications feed

B. View the service health current status page of the O365 admin center. D. Subscribe to the O365 Service Health RSS Notifications feed

Contoso plans to use O365 for email services and Lync Online. Contoso has four unique domain names. You need to migrate domain names to O365. Which two domain names should you exclude from the migration? A. contoso.us B. contoso C. contoso.local D. contoso.co

B. contoso -- single labeled domain, not valid C. contoso.local - internal labelled domain, not valid

You have a legacy application that needs to send email to employees. The legacy application runs on a client computer that must send email by using SMTP through Exchange Online. You need to identify the correct host name and port information. Which settings should you use? A.outlook-office365.com and port 25 B. outlook-office365.com and port 587 C. smtp.office365.com and port 587 D. smtp.office365.com and port 25

B. outlook-office365.com and port 587 preferred port for mail submission

A company has an O365 tenant and uses Exchange Online and SfB Online. User1 is scheduling a Skype meeting with User2. User1 is not able to see availability information for User 2. You need to troubleshoot the issue. What should you use? A. Lync Connectivity Analyzer Tool B. OCSLogger C. ClsController D. Remote Connectivity Analyzer

C. ClsController

You have an O365 subscription that has several thousand mailboxes. The users in the O365 organization are located in different regions. You need to view the path of the email messages sent from a user to an external recipient. Which cmdlet should you use? A. Get-MailboxActivityReport B. Get-MailDetailTransportRuleReport C. Get-MailTrafficReport D. Get-ServiceDeliveryReport

C. Get-MailTrafficReport

Your company migrates to O365. 2,000 active users have valid O365 licenses assigned. An additional 5,000 user accounts were created during the migration and testing processes. These users do not have an licenses assigned. You need to remove the O365 user accounts that do not have any licenses assigned by using the least amount of admin effort. Which PowerShell command do you run? A. Get-MsolUser -All -EnabledFilter "DisabledOnly" | Remove-MsolUser -Force B. Get-MsolUser-EnabledFilter "DisabledOnly" | Remove-MsolUser -Force C. Get-MsolUser -All -UnlicensedUsersOnly | Remove-MsolUser -Force D. Get-MsolUser -UnlicensedUsersOnly | Remove-MsolUser -Force

C. Get-MsolUser -All -UnlicensedUsersOnly | Remove-MsolUser -Force

Your company subscribes to O365 E3. A user named User1 installs Office ProPlus for O365 on a client computer. From the MS Online Services Portal, you assign User1 an Office ProPlus license. One month after installing Office, User1 can no longer save and edit Office documents on the client computer. User1 can open and view Office documents. You need to ensure that User1 can save and edit documents on the client computer by using Office. What should you do? A. Install Office Customization tool B. Reinstall Office ProPlus C. Install Microsoft Online Services Sign-in Assistant D. Upgrade to E4.

C. Install Microsoft Online Services Sign-in Assistant

An organization plans to migrate to O365. You need to estimate the post-migration network traffic. Which tool will achieve the goal? A. Exchange Client Network Bandwidth Calculator B. Microsoft Remote Connectivity Analyzer C. Lync 2013 Bandwidth Calculator D. Windows Assessment and Deployment kit (ADK) E. Process Monitor

C. Lync 2013 Bandwidth Calculator

An organization plans to deploy Exchange Online. You must support all Exchange Online features. You need to create the required DNS entries. Which two DNS entries should you create? A. A B. SRV C. MX D. CNAME

C. MX D. CNAME

You have an Exchange Online tenant. User 1 reports that they are not able to check their email. Other users can check their email. You remotely connect to User 1's session. You need to troubleshoot why the user cannot check his email. What should you use? A. POP Email test B. Outlook Connectivity Test C. Microsoft Remote Connectivity Test D. Microsoft Connectivity Analyzer E. Outlook Autodiscover test F. IMAP Email test

C. Microsoft Remote Connectivity Test can test incoming and outgoing mail

Contoso uses SP Online and plans a new SSO implementation that uses ADFS. Your environment contains the following configurations: - 2 servers named Server1 and Server2 - a partner collaboration website for the domain contoso.com that points to a SP Online team site - a hardware load balancer to use with Server1 and Server2 You need to install ADFS to support the environment. Which three actions should you perform in sequence? A. Run cmdlet on Server1 Install-ADfsFarm -FederationServiceName contoso.com B. Run cmdlet on Server2 Add-AdfsFarmNode C. Request and install a SSL certificate on S1 and S2. D. Run cmdlet on Server1 Install-AdfsFarm -FederationServiceName fs.contoso.com E. Run cmdlet on Server2 Add-ClusterNode

C. Request and install a SSL certificate on S1 and S2. B. Run cmdlet on Server2 Add-AdfsFarmNode D. Run cmdlet on Server1 Install-AdfsFarm -FederationServiceName fs.contoso.com

A company deploys an O365 tenant. You need to configure SSO for all user accounts. Which two actions should you perform? A. Run cmdlet Convert-MsolDomainToStandard B. Run cmdlet Enable-ADFSEndpoint C. Run cmdlet Convert-MsolDomainToFederated D. Deploy a federation server proxy E. Run cmdlet New-ADFSOrganization F. Deploy a federation server farm

C. Run cmdlet Convert-MsolDomainToFederated F. Deploy a federation server farm

You are the admin for a company named Contoso. The company has an O365 subscription. You need to prevent users from changing their user display name by using Outlook Web App. What should you do? A. Run the Set-MsolCompanyContactInformation cmdlet B. Modify the default email address policy. C. Run the Set-MsolUserPrincipalName cmdlet D. Modify the default role assignment policy.

C. Run the Set-MsolUserPrincipalName cmdlet

You have an O365 subscription. You plan to create a report about MS OneDrive for Business usage that will be given to a third party. You need to ensure that the OneDrive for Business report shows anonymous identifiers instead of user names. What should you configure from Settings in the O365 admin center? A. Organization profile B. Services and add ins C. Security and Privacy D. Domains

C. Security and Privacy

You are the O365 admin for your company. A user named User1 from a partner organization is permitted to sign in and use the O365 services. User1 reports that the password expires in 10 days. You must set the password to never expire. Change must not impact any other accounts. You need to update the password policy for the user. Which cmdlet should you run? A. Set-MsolPasswordPolicy B. Set-MsolPartnerInformation C. Set-MsolUser D. Set-MsolUserPassword

C. Set-MsolUser

A company has an O365 tenant that has an E1 subscription. You configure the policies required for self-service password reset. You need to ensure that all existing users can perform self-service password resets. Which cmdlet should you run? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

C. Set-MsolUserLicense

You have an O365 tenant that uses an E1 subscription. You need to convert the users in the tenant to an E3 subscription. Which Windows PowerShell cmdlet should you run? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

C. Set-MsolUserLicense used to adjust the licenses for a user

Your company has an O365 subscription. The network contains an AD domain. You configure SSO for all users. You need to verify that SSO functions for the users who access O365 from the internet? A. The Get-MsolFederationProperty cmdlet B. The Test-OrganizationRelationship cmdlet C. The MS Remote Connectivity Analyzer D. The MS Exchange Server Deployment Assistant

C. The MS Remote Connectivity Analyzer

You need to recommend a solution to meet the technical requirements for monitoring the health information. What should you recommend? A. from the O365 admin center, modify the Services & add-ins settings. B. from the O365 admin center, modify the Organization Profile settings. C. Use the company portal app to receive push notifications. D. Use the O365 Admin app to receive push notifications.

C. Use the company portal app to receive push notifications.

A company uses O365 services. You implement the Azure AD Sync Tool in the local environment. An employee moves to a new dept. All O365 services must display the new dept info for the employee. You need to update the employee's user account. Where should you change the value of the dept attribute for the employee? A. AD mgmt page in Azure Mgmt Portal B. Users and Groups page in the O365 admin center C. on-prem AD D. Metaverse Designer

C. on-prem AD

You have a legacy application that needs to send email to employees. The legacy app runs on a client computer. The legacy application must send email by using IMAP through Exchange Online. You need to identify the correct host name and port information. which settings should you use? A. imap.office365.com and port 993 B. imap.office365.com and port 143 C. outlook.office365.com and port 993 D. Outlook.office365.com and port 143

C. outlook.office365.com and port 993

You are the SP Online admin for Contoso. The company purchases an E1 plan. The public-facing website must use SP Online and the custom domain contoso.com. You need to configure the DNS settings for the public-facing SP site. How should you configure the DNS settings? Record: A CNAME MX SRV Hostname: www.contoso.com contoso-public.office.com contoso-public.onmicrosoft.com contoso-public.sharepoint.com Points to address: www.contoso.com contoso-public.office.com contoso-public.onmicrosoft.com contoso-public.sharepoint.com

CNAME www.contoso.com contoso-public.sharepoint.com

A company has an AD Domain Service (AD DS) domain. All servers run Windows Server 2008. You have an on-prem Exchange 2010 server. The company plans to migrate to O365. Identify the required action for each phase of the pilot. Make only one selection in each column. Column 1: Planning Phase Column 2: Migration Phase Project Action: Assign licenses to users. Prepare the on-prem AD for directory sync. Raise the forest functional level to Windows Server 2008. Upgrade the Exchange server to Exchange 2013.

Column 1: Planning Phase Prepare the on-prem AD for directory sync. Column 2: Migration Phase Assign licenses to users.

You are the O365 admin for your company. You have a workstation that runs Windows 8. You need to install the prerequisite components so that you can view mail protection reports on the workstation. Which two items must you install? A. SQL Server Analysis Services B. Microsoft Connectivity Analyzer Tool C. Microsoft Access 2013 D. .NET Framework 4.5 E. Microsoft Excel 2013

D. .NET Framework 4.5 E. Microsoft Excel 2013

You are the O365 admin for your company. You prepare to install ADFS. You need to open the correct port between the ADFS proxy server and the ADFS federation server. Which port should you open? A. 80 B. 135 C. 389 D. 443 E. 636 F. 1723

D. 443 HTTPS

Your company has a hybrid deployment of O365. All mailboxes are hosted on O365. All users access their O365 mailbox by using a user account that is hosted on-prem. You need to delete a user account and its associated mailbox. Which tool should you use? A. Remove-MSOLUser cmdlet B. Remove-mailbox cmdlet C. The O365 portal D. AD Users and computers

D. AD Users and computers

Your company has a hybrid deployment of O365. You need to create a group. The group must have the following characteristics: Group properties are sync'ed automatically. Group members have the ability to control which users can send email messages to the group. What should you do? A. Create a distribution group and configure Mail Flow Settings. B. Create a dynamic distribution group. C. Create a new role group. D. Create a distribution group and configure the Membership Approval settings.

D. Create a distribution group and configure the Membership Approval settings.

Your company purchases an O365 plan. Your company has an AD Domain Services domain. User1 must manage O365 delegation for the company. You need to ensure that User1 can assign admin roles for other users. What should you do? A. create an O365 tenant and assign User1 the password admin role. B. use a password admin account to assign the role to user1 C. use a user management admin account to assign the role to user1 D. Create an O365 tenant and assign User1 the global admin role

D. Create an O365 tenant and assign User1 the global admin role

Your company has a hybrid deployment O365. You create a user in O365. The next day, you discover that the new user account fails to appear in the MS Exchange Server on-prem global address list (GAL). You need to ensure that the user has a mailbox and appear in the Exchange on-prem GAL and the O365 GAL. What should you do? A. Assign a MS Exchange Online license to the user account B. From the MS Online Services Directory Sync tool, enable rich coexistence. C. From the O365 portal, modify the sign-in status of the user account. D. Delete the user account hosted on O365. From the Exchange Mgmt Console, create a new remote mailbox.

D. Delete the user account hosted on O365. From the Exchange Mgmt Console, create a new remote mailbox.

Your company has an O365 subscription. You need to add the label "External" to the subject line of each email message received by your organization from an external sender. What should you do? A. From the Exchange control panel, add a MailTip B. From the Forefront Online Protection Admin Center, set the footer for outbound email. C. Run the Enable-InboxRule cmdlet D. From the Exchange Control Panel, run the New Rule wizard.

D. From the Exchange Control Panel, run the New Rule wizard.

An organization uses Exchange Online. You enable mailbox audit logging for all mailboxes. User1 reports that her mailbox has been accessed by someone else. You need to determine whether someone other than the mailbox owner has accessed the mailbox. What should you do? A. Run the following PowerShell command: Search-MailboxAuditLog -Identity User1 -LogonTypes Owner -ShowDetails B. In the Exchange admin center, navigate to the Auditing Section of the Protection page. Run a non-owner mailbox access report. C. Run the following PowerShell command: New-AdminAuditLogSearch -Identity User1 -LogonTypes Owner -ShowDetails D. In the Exchange admin center, navigate to the Auditing Section of the Compliance Mgmt page. Run a non-owner mailbox access report.

D. In the Exchange admin center, navigate to the Auditing Section of the Compliance Mgmt page. Run a non-owner mailbox access report.

You are the O365 admin for your company. You must use PowerShell to manage cloud identities in O365. You must use a computer that runs Win8 to perform the management tasks. You need to ensure that the Win 8 computer has the necessary software installed. What should you install first? A. MS O365 Best Practices Analyzer for PowerShell B. Windows PowerShell 4.0 C. Remote Server Admin Tools for Windows D. MS Online Services Sign-In Assistant

D. MS Online Services Sign-In Assistant

An organization migrates to O365. The O365 administrator must be notified when O365 maintenance activities are planned. You need to configure the administrator's computer to receive the notifications. What should you configure? A. O365 Management Pack for SCOM B. Service requests C. Service health page D. O365 Service Health RSS Notifications

D. O365 Service Health RSS Notifications

A company has an O365 tenant. You must retrieve mailbox diagnostic data. You need to provide a report with this data for all users. Which report solution should you choose? A. O365 admin center B. downloadable spreadsheet C. reporting Windows PowerShell cmdlets D. REST reporting web service

D. REST reporting web service

A company deploys an O365 tenant in a hybrid configuration with Exchange Server 2013. O365 users cannot see free/busy info that is published from the on-prem Exchange Server. In addition, Exchange Server users cannot see free/busy info that is published from O365. You need to troubleshoot why users cannot access free/busy info from both O365 and Exchange Server 2013. What tool should you run? A. Hybrid Config Wizard B. Remote Connectivity Analyzer with the Exchange Server tab selected. C. Connectivity Analyzer Tool D. Remote Connectivity Analyzer with the O365 tab selected.

D. Remote Connectivity Analyzer with the O365 tab selected.

You plan to deploy an O365 tenant to multiple offices around the country. You need to modify the accounts that are authorized to administer the Rights Management. Which cmdlet should you run? A. Get-AadrmRoseBasedAdministrator B. Connect-AadrmService C. Enable-AadrmSuperUserFeature D. Remove-AadrmRoleBasedAdministrator

D. Remove-AadrmRoleBasedAdministrator

You have an O365 environment. Synchronization between the on-prem AD and O365 is enabled. You need to deactivate dirsync. Which cmdlet should you run? A. Update-MsolFederatedDomain B. Remove-MsolDomain C. Remove-MsolFederatedDomain D. Set-MsolDirSyncEnabled

D. Set-MsolDirSyncEnabled

A company has an O365 tenant that has an E1 subscription. Users currently sign in with credentials that include the contoso.com domain suffix. The company is acquired by Fabrikam. User must now sign in with credentials that include the fabrikam.com domain suffix. You need to ensure that all users sign in with the new domain name. Which cmdlet should you run? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

D. Set-MsolUserPrincipalName

You are the O365 admin for your company. The company uses ADFS to provide SSO cloud-based services. You enable multi-factor authentication. Users must NOT be required to use multi-factor authentication when they sign in from the company's main office location. However, users must be required to verify their identity with a password and token when they access resources from remote locations. You need to configure the environment. What should you do? A. Disable ADFS multi-factor auth B. Configure an IP blacklist for the main office location C. disable the ADFS proxy D. configure an IP whitelist for the main office location

D. configure an IP whitelist for the main office location

A company has an O365 tenant. You plan to use O365 to manage the DNS settings for a custom domain. You purchase the domain through a third-party provider. You create a custom website. You must host the website through a third-party provider at IP address 134.170.185.46. You need to configure the correct DNS settings. What should you do? DNS Record: Name server A AAAA TXT CNAME DNS target ns1.bdm.microsoftonline.com ns2.bdm.microsoftonline.com 134.170.185.46

DNS target ns1.bdm.microsoftonline.com - name server ns2.bdm.microsoftonline.com - name server 134.170.185.46 - A

You are the O365 admin for your company. Users report that their passwords expire too frequently, and they do not receive adequate notice of password expiration. Account passwords must remain active for the longest duration allowed. User must receive password expiration notifications as early as possible. You need to configure the password expiration policy. How should you set the policy on the password page of the o365 admin center? Days before passwords expire: Days before a user is notified their password will expire: 1 13 30 72 365 730 1095 1460

Days before passwords expire: 730 Days before a user is notified their password will expire: 30

A company has an AD Domain Services domain. You plan to implement ADFS with SSO. You have the following requirements: Servers must be on Windows Server 2012 R2. Internet-facing servers must be placed in the perimeter network. The solution must support at least 105 ADFS trust relationships. You need to deploy the appropriate roles. Deployment location: Perimeter Application Database Role: Web App Proxy Federation Service Proxy ADFS ADDS SQL Server

Deployment location: Perimeter - Web App Proxy Application - ADFS Database - SQL

You are the Office 365 admin for your company. You must configure a trust between the on-prem AD domain and the O365 environment by using ADFS. You need to assign the correct certificate to the description of your on-prem server environment below. Which certificate types should you assist? Description: Secures the communication between federation servers, clients, and federation server proxy computers. Securely signs all tokens that the federation server issues for the cloud-based services. Certificate Type: Client Domain SSL X.509

Description: Secures the communication between federation servers, clients, and federation server proxy computers. -- SSL Securely signs all tokens that the federation server issues for the cloud-based services. - X.509

A company has an O365 tenant that has an E1 subscription. You use SSO for all user accounts. You plan to migrate all services to O365. You need to ensure that all accounts use standard authentication. Which cmdlet should you run? A. Set-MsolUser B. Redo-MsolProvisionUser C. Set-MsolUserLicense D. Set-MsolUserPrincipalName E. Convert-MsolFederatedUser F. Set-MailUser G.Set-Linked User H. New-MsolUser

E. Convert-MsolFederatedUser

You have an O365 tenant that uses an E3 subscription. You activate Azure Rights Management for the tenant. You must test the service with the Development security group before you deploy Azure RM for all users. You need to enable Azure RM for only the Development security group. Which cmdlet should you run? A. Enable-Aadrm B. New-AadrmRightsDefinition C. Enable-AadrmSuperUserFeature D. Add-AadrmSuperUser E. Set-AadrmOnboardingControlPolicy

E. Set-AadrmOnboardingControlPolicy sets the policy that controls user on-boarding for ARM.

What report must be used to view previous tasks performed in O365 for each task? Reports: Audit log search Mail protection O365 usage Answer: Each cloud account created Each modification to the password policy each office activation

Each cloud account created - O365 usage Each modification to the password policy - Audit log search Each office activation - mail protection

A company deploys an O365 tenant. You need to enable multi-factor authentication for O365. Which three actions should you perform in sequence? Enable multi-factor auth. for all user accounts. Instruct users to use a mobile phone to complete the registration process. Create a multi-factor auth provider with the Per Enabled User usage model. Create a multi-factor auth provider with the Per Authentication usage model. Instruct users to obtain a single-use password to complete the registration process.

Enable multi-factor auth. for all user accounts. Instruct users to use a mobile phone to complete the registration process. Instruct users to obtain a single-use password to complete the registration process.

A company deploys an O365 tenant. All employees in the HR dept must use multi-factor auth. They must use only the MS Outlook client to access their email messages. User1 joins the HR dept. You need to help User1 configure his account. Which three actions should you perform in sequence? Instruct User1 to create an app password. Instruct User1 to use an app password to complete the registration process. Instruct User1 to use a one-time password to complete the registration process. Enable multi-factor authentication for User1. Instruct User1 to use a mobile phone to complete the registration process.

Enable multi-factor authentication for User1. Instruct User1 to create an app password. Instruct User1 to use an app password to complete the registration process.

A graphic design agency has an O365 tenant. The agency uses only computers that run the Apple Macintosh OS. Some users have MS Entourage 2008 for Mac and some have Microsoft Outlook for Mac. All users report that they cannot access Exchange Online to check their email. You need to run test connectivity for all users to identify the problem. You need to use the MS Remote Connectivity Analyzer and the credentials of the users. What should you do? Tests: MS Exchange Web Services Connectivity Test Service Account Access (Developers) Outlook Connectivity Outlook Autodiscover Inbound SMTP Email Outbound SMTP Email Email Client: Entourage Outlook for Mac

Entourage - Inbound SMTP Email Outlook for Mac - Outlook Connectivity

A company deploys an O365 tenant. All employees use Lync Online. You need to configure the network firewall to support Lync Online. Which ports must you open? Feature: Audio, video, and app sharing sessions Lync mobile push notifications Ports: 443 3478 5223 80 389

Feature: Audio, video, and app sharing sessions - 443 Lync mobile push notifications - 5223

A company deploys an O365 tenant. You prepare to use the bulk add tool to add users to O365. You need to prepare a file to use with the bulk add tool. Which fields must you include in the file? Field: User Name Display Name First Name Last Name Job Title

Field: User Name - yes Display Name - yes First Name - no Last Name - no Job Title - no

You are the O365 admin for your company. Your company uses O365 for collaboration. You must reset the password for all of the employees in your company. You need to ensure that all the employees create a new password the next time they sign in to O365. How should you complete the relevant PowerShell command? Get-MsolUser -All | Set _____________ ___________________ -MsolUser -MsolUserPassword -ForceChangePassword $true -NewPassword Pass#123# -PasswordNeverExpires $true -StrongPasswordRequired

Get-MsolUser -All | Set _____________ ___________________ -MsolUserPassword -ForceChangePassword $true

A company has 50 employees that use O365. You need to enforce password complexity requirements for all accounts. How should you complete the relevant Windows PowerShell command? Get ____________ | Set ___________________ ____________________ $true -MsolUser -MsolUserRole -MsolUserPassword -StrongPasswordRequired -StrongAuthenticationRequirements

Get-MsolUser| Set-MsolUser -StrongPasswordRequired $true

A company has 50 employees that use O365. You need to disable password expiration for all accounts. How should you complete the relevant PowerShell commands? Import-Module _______________ $cred= Get-Credential Connect-____________ -cred $cred Get-_________________ | Set-___________________ -PasswordNeverExpires $true Answers: -MsolUser -MsolUserRole -MSOnline -MsolService -MsolSubscription -SPUser -SPOUser -SPOService -SPOExternalUser -SPOTenant

Import-Module -MSOnline $cred= Get-Credential Connect-MsolService -cred $cred Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true

You are the O365 admin for your company. You need to ensure that trusted apps can decrypt rights-protected content. Which four cmdlets should you run in sequence? Import-Module AADRM Add-AadrmRoleBasedAdministrator Enable-AadrmSuperUserFeature Set-AadrmMigrationUrl Enable-Aadrm Connect-AadrmService

Import-Module AADRM Connect-AadrmService Enable-Aadrm Enable-AadrmSuperUserFeature

You are the O365 admin for your company. You audit the Windows Azure AD Rights Management configuration for the company. You need to view a log of the recent admin commands performed against the MS Rights Management Service. Which three cmdlets should you run in sequence? Get-AadrmAdminLog Get-AadrmRoleBasedAdministrator Import-Module AADRM Connect-AadrmService Get-AadrmSuperUser Get-MsolUser

Import-Module AADRM Connect-AadrmService Get-AadrmAdminLog

You need to ensure that all of the planned changes for the ADFS sign-in webpage are performed successfully. Which cmdlet should you use to perform each change? Cmdlets: Set-AdfsGlobalWebContent Set-AdfsRelayingPartyWebContent Set-AdfsWebTheme Answer: Include the Fabrikam logo Include the help desk phone number Include the sign-in description

Include the Fabrikam logo - Set-AdfsWebTheme Include the help desk phone number - Set-AdfsGlobalWebContent Include the sign-in description - Set-AdfsRelayingPartyWebContent

A company is deploying an O365 tenant. You need to deploy a Windows Server 2012 R2 federation server farm. Which three actions should you perform in sequence? Use AdfsSetup.exe to add the first federation server to the federation server farm. Install the ADFS server role. Use AdfsSetup.exe to add the second federation server to the federation server farm. Run the Windows PowerShell cmdlet Enable-ADFSEndpoint. Use the ADFS Federation Server Configuration Wizard to configure the first federation server to the federation server farm. Use the ADFS Federation Server Configuration Wizard to configure the second federation server to the federation server farm.

Install the ADFS server role. Use the ADFS Federation Server Configuration Wizard to configure the first federation server to the federation server farm. Use the ADFS Federation Server Configuration Wizard to configure the second federation server to the federation server farm.

Contoso has an O365 tenant. The company has two servers named Server1 and Server2 that run Windows 2012 R2 Server. The servers are not joined to the contoso.com domain. Server2 is deployed to the perimeter network. You install SSL certificates on both servers. You deploy internal and external firewalls. All firewalls allow HTTPS traffic. You must deploy SSO and ADFS. You need to install and configure all ADFS components in the environment. Which 4 actions should you perform in sequence? Join Server1 and Server2 to the contoso.com domain. Install and configure ADFS on Server1. Run cmdlet on Server2: Install-WindowsFeature Run cmdlet on Server2: Install-WebApplicationProxy Run cmdlet on Server2: Install-AdfsFarm Join Server1 to the contoso.com domain. Run cmdlet on Server2: New-WebApplication

Join Server1 to the contoso.com domain. Install and configure ADFS on Server1. Run cmdlet on Server2: Install-WindowsFeature Run cmdlet on Server2: Install-WebApplicationProxy

Your company uses O365. You need to identify which users do NOT have a Microsoft Exchange Online license assigned to their user account. Which cmdlet should you use? A. Get-ManagementRoleAssignment B. Get-User C. Get-RoleGroupMember D. Get-LogonStatistics E. Get-RemovedMailbox F. Get-MSOLContact G. Get-Recipient H. Get-Mailbox I. Get-Group J. Get-MailboxStatistics K. Get-MSOLUser L. Get-MailContact

K. Get-MSOLUser

You have an O365 tenant. An organization is migrating from Exchange to O365. Users report that Outlook does not display the availability of other users for meetings. You must determine whether an O365 mailbox can access the scheduling availability of a user with an on-prem mailbox. You must also run a test to verify that an on-prem mailbox can access the availability of an O365 mailbox. You need to conduct the tests. What should you do? Mailbox Test scenario: on-prem to O365 mailbox O365 to on-prem mailbox Tests: O365 SSO Test MS Exchange Web Services Connectivity Test Outlook Connectivity Test

Mailbox Test scenario: on-prem to O365 mailbox - Outlook Connectivity Test O365 to on-prem mailbox - MS Exchange Web Services Connectivity Test

An organization prepares to migrate to O365. The organization has one DC named NYC-DC1 and one server named NYC-DS that is designated as the dir-sync computer. The organization has the following servers: NYC-DC1 - Win Server 2008 R2 - FFL: Win 2000 NYC-DS - Windows Server 2003 You plan to upgrade the servers to support dir-sync. You must upgrade each server to meet only the minimum requirements by using the least amount of admin effort. You need to ensure that you can use the Window Azure AD Sync tool to sync the local AD with O365. What should you do? NYC- DC1 - requirement? Raise FFL to Windows Server 2003. Raise FFL to Windows Server 2008. Raise FFL to Windows Server 2008 R2. Install Windows Server 2012. NYC-DS - requirement? install the 64-bit version of Win Server 2008 Standard Ed. Install Win Server 2008 R2 Standard Ed. Install Win Server 2008 R2 Datacenter edition. Install Win Server 2012.

NYC- DC1 - Raise FFL to Windows Server 2003. NYC-DS - Install Win Server 2008 R2 Standard Ed.

Fabrikam Inc. plans to use the domain fabrikam.com for O365 user identities, email addresses, SIP addresses, and a public-facing homepage. SSO between O365 and the on-prem AD is NOT required. You need to configure the O365 plan. What four cmdlets should you run in sequence? Cmdlets: Update-MsolFederatedDomain Set-MsolDomain Get-MsolDomainVerificationDns New-MsolDomain Get-MsolDomainFederationSettings Confirm-MsolDomain New-MsolFederatedDomain

New-MsolDomain (adding domain) Get-MsolDomainVerificationDns (check DNS) Confirm-MsolDomain (confirm domain) Set-MsolDomain (setting fabrikam.com as default domain)

You need to configure the O365 subscription to ensure that AD users are connected to O365 resources by using SSO. Solution: You run Convert-MsolFederatedUser for all users. Does this meet the goal?

No

Fabrikam employs 500 users and plans to migrate to O365. You must sign up for a trial plan from the O365 website. You have the following requirements: Create the max number of trial users allowed. Convert the trial plan to a paid plan at the end of the trial that supports all of Fabrikam's users You need to create an O365 trial plan How should you configure the trial plan? Plan O365 Midsize Business O365 Enterprise E1 O365 Enterprise E3 O365 Enterprise E4 # of Included Trial Users 25 50 100 250

O365 Enterprise E3 25

A company plans to sync users in an existing AD organizational unit with O365. You must configure the Azure AD Sync tool with password sync. You need to ensure that the service account has a minimum level of permissions required. Which two permission levels should you assign to each task? Password Write Back Full control or reset password Create Child or Create password Password Sync Replicating Directory Changes or manage replication top. Replication directory changes all or changes in filtered set

Password Write Back reset password Create password Password Sync Replicating Directory Changes Replication directory changes all

The legal dept in your organization creates standardized disclaimers for all of their email messages. The disclaimers explain that any transmissions that are received in error should be reported back to the sender. You track any confidential documents that are attached to email messages. Your security team reports that an employee may have mistakenly sent an email message that contained confidential information. You need to identify whether the email message included the disclaimer and whether it contained confidential information. Which two options should you configure? Rule matches for received mail Rule matches for sent mail DLP policy matches for sent mail DLP rule matches for sent mail

Rule matches for sent mail DLP policy matches for sent mail

A company plans to deploy an O365 tenant. You have the following requirements: -Admins must be able to access O365 admin center -MS Exchange Online must be used as a SMTP relay for a line-of-business application that sends email messages to remote domains. -All users must be able to use the audio and video capabilities in MS Lync 2013. You need to configure the ports for the firewall. Which port should you use for each application? SMTP relay - 25, 443, 587 O365 admin center - 80, 443, 10106 Lync - outbound video - 50000-50019, 50020-50039, 50040-50059 Lync - outbound audio - 50000-50019, 50020-50039, 50040-50059

SMTP relay - 25 O365 admin center - 443 Lync - outbound video - 50020-50039 Lync - outbound audio - 50000-50019

You are the Exchange Online admin for an organization. The organization migrates all users to Exchange Online. An employee works for a partner organization named Contoso. The employee uses the email alias [email protected]. User report that over the past week, they have not received email messages from [email protected]. You need to trace email messages that originate from that email address to users in your organization. What two setting should you configure? Sender - add users Recipient - add users Message was sent or received: Last 48 hours Delivery Status: Message ID.

Sender - add users Message was sent or received: Last 48 hours

You need to configure the ADFS servers to meet the technical requirement for accessing O365 from a web browser. What command should you run? A. Set-AdfsAdditionalAuthenticationRule B. Set-AdfsClaimsProviderTrust C. Set-MsolAdfsContext A. -AdditionalAuthenticationRules B. -AdfsUserCredentials C. -AlternateLoginID

Set-AdfsClaimsProviderTrust -AlternateLoginID

You implement SSO between O365 and an on-prem deployment of AD. You need to configure ADFS to prevent users from being able to log on for 30 minutes after they attempt to log on by using a bad password 10 consecutive times. What command should you run? _____________ -EnableExtranetLockout $true ______________________ 10 ______________ ( new-timespan -Minutes 30) 1. Set-Adfsclient Set-AdfsProperties Set-AdfsEndPoint 2. -ExtranetLockoutThreshold -ExtranetObservationWindow -ExtendedProtectionTokenCheck 3. -ExtranetLockoutThreshold -ExtranetObservationWindow -ExtendedProtectionTokenCheck

Set-AdfsEndPoint -ExtranetLockoutThreshold -ExtranetObservationWindow

You are the O365 admin for Contoso. User1 is unable to sign in. You need to change the password for User1 and ensure that the user is prompted to reset her password the next time she signs in. How should you complete the command? Set-MsolUserPassword _______________ ____________________ -TenantID [email protected] -PasswordNeverExpires contoso\user1 -ImmutableId -UserPrincipalName User1\contoso -NewPassword

Set-MsolUserPassword -UserPrincipalName [email protected]

You deploy Azure AD Connect. You modify the UPN suffix of each sales dept user to fabrikam.com. You need to ensure that the AD changes are updated in O365. What command should you run? Set-MsolUserPrincipalName -UserPrincipalName username@ A. contoso.com B. fabrikam.com C. fabrikamfinancialservices.onmicrosoft.com -NewUserPrincipalName username@ A. contoso.com B. fabrikam.com C. fabrikamfinancialservices.onmicrosoft.com

Set-MsolUserPrincipalName -UserPrincipalName username@ C. fabrikamfinancialservices.onmicrosoft.com -NewUserPrincipalName username@ B. fabrikam.com

You are the O365 admin for your company. The company has two admins named User 1 and User 2. Users must be able to perform the activities shown below: U1 - reset passwords for standard user accounts and other members of the same role, not for other admins U2 - set passwords for all admins Options: password admin delegate admin billing admin global admin

User 1 - password User 2 - global

You have an O365 tenant. A user named User1 has a mailbox. The user creates documents and saves the documents in a shared document library. User1 leaves the company. You must delete the account for User1. In the table below, identify which type of data will be deleted. Make only one selection in each column. Timeframe Never removed Removed immediately Removed after 30-day grace period Removed after 90-day grace period User 1 Exchange Online Mailbox Documents created by User1 on Sharepoint Online

User 1 Exchange Online Mailbox - Removed after 30-day grace period Documents created by User1 on Sharepoint Online - Never removed

Fabrikam has the O365 E3 plan. You must add the domain name fabrikam.com to the O365 tenant. You need to confirm ownership of the domain. Which DNS record types should you use? Verification Method: Preferred Alternate DNS Record Type: CNAME A TXT SRV MX

Verification Method: Preferred - TXT Alternate - MX

You manage an O365 tenant. The subscription details for the tenant are displayed in the following area: Subscription: O365 Business Premium Status: Active Quantity: 2 user licenses Cost: $10 Term End Date: Autorenews What is the max number of devices on which you can install Office? 0, 2, 5, 10, 20 Which services does the tenant have licensing rights to use? Exchange only Ex and SP Ex and SfB Ex, SP, and Yammer Ex, SP, SfB, and Yammer What is the max number of user accounts you can create in the tenant? 100, 200, 300, 400, 500

What is the max number of devices on which you can install Office? 5 Which services does the tenant have licensing rights to use? Ex, SP, SfB, and Yammer What is the max number of user accounts you can create in the tenant? 300 Each user can install Office on 5 PCs or Macs, 5 tablets and 5 phones Online Services include Ex, SP, SfB, and Yammer Small Business premium supports a max of 300 users

Your network contains a single AD forest. The forest contains a DC and ADFS servers that are deployed to virtual machines. The virtual machines run either on-prem or on Azure. You have Azure AD connect deploy on-prem. The Azure AD connect database is installed on an on-prem instance of MS SQL Server 2014. Last month, an Azure AD Connect server experiences a hardware failure that causes Azure AD connect server to go offline for several days. You need to recommend a solution to reduce the outage windows when hardware failure occurs on the Azure AD connect server. Solution: you deploy a new Azure AD connect server to an Azure virtual machine that uses a new SQL server instance. You set the Azure AD Connect server to staging mode. Does this meet the goal?

YES

You need to configure the O365 subscription to ensure the AD users can connect to O365 resources by using SSO. Solution: you run Convert-MsolDomainToStandard for the fabrikam.com domain and the contoso.com domain. Does this meet the goal?

Yes

An organization has over 10,000 users and uses a SQL-based ADFS server farm. You need to change the ADFS 2.0 service account password. What should you do? Log on to each: A. directory sync server B. federation proxy server C. federation server D. workstation Modify the application pool identity by using the: A. ADFS management B. IIS manager C. local security policy D. task scheduler Modify the ADFS 2.0 Windows Service Properties by using the: A. O365 admin center B. System Configuration C. Windows Services MMC snap-in

federation server IIS manager Windows Services MMC snap-in

You implement O365 for an organization. You must create the correct DNS entries needed to configure O365. Which DNS entries should you create? Purpose: helps prevent outbound email messages from being flagged as spam configures email message routing outlook autodiscover record is used to help users easily configure their desktop clients DNS Record Type: A CNAME MX SRV TXT

helps prevent outbound email messages from being flagged as spam -TXT configures email message routing -MX outlook autodiscover record is used to help users easily configure their desktop clients - CNAME

Your network contains a single AD forest. The forest contains a DC and ADFS servers that are deployed to VMs. The VMs run either on-prem or on Azure. You have Azure AD connect deployed on-prem. The Azure AD connect database is installed on an on-prem instance of SQL Server 2014. Last month, an Azure AD connect server experienced a hardware failure that caused an Azure AD connect server to go offline for several days. You need to recommend a solution to reduce the outage window when hardware failure occurs on the Azure AD connect server. Solution: you deploy a new on-prem Azure AD Connect server that uses the same SQL server instance. You set the Azure AD connect server to staging mode. Does this meet the goal?

no


Conjuntos de estudio relacionados

How to Win Friends and Influence People

View Set

International Marketing- Midterm Review- CH 3

View Set

chapter 15: data and competitive advantage: databases, analytics, AI, and machine learning

View Set

Chapter 1: Cells: The Fundamental Units of Life

View Set

WK 13&14/ Lippincott Ch 10 reproductive questions/ex3

View Set